gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability.
e6a962ae8b8f243dd6d721a24a57df334654b638a0b15f05c7375f21e7d1860b
The 3Com NBX V3000 phone system firmware was found to have the VxWorks remote debug service enabled. This allows for remotely extracting the contents of device memory over the network. When parsing the contents of memory, it was discovered that the call logs for the system, as well as URLs linking to WAV files containing voice mails, were accessible.
83f9bcf13390d5de35a662b882d55f84b95389bbc98e486345a8b9bca583fb12
There is a buffer overflow in libsrtp caused by how the function crypto_policy_set_from_profile_for_rtp applies the cryptographic profiles srtp_profile_aes128_cm_sha1_32/srtp_profile_aes256_cm_sha1_32 to an srtp_policy, as shown by the source code of srtp/srtp.c.
112bf3ad2eda5bcd6a0c1e1ed5ede49353a25cf04adb02ff4b6303ee26c6fef2
Monkey HTTPD version 1.2.0 suffers from a buffer overflow vulnerability that may result in arbitrary code execution or denial of service.
e95d7c4461031fea05dff249b83585cd183eb5646afab885f06d666b7e6c2ecb
Cuppa CMS suffers from remote and local file inclusion vulnerabilities.
1a69a262547b1fde2db132b721a60013a5cd8b3c578bd74d70a96f541610f65b
CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability.
d5d9e10e13a2a21562a07f38c21d1f17883de814411cf199efd4e1cc59e891c6
aCMS version 1.0 suffers from authentication bypass and remote shell upload vulnerabilities.
875ffc473c15baa5846810a8e8bb150911ceee8efcf610bea5bbed80667ad678
Dotclear version 2.5 suffers from a cross site scripting vulnerability.
e963b235c2473ba1856c41c979ed4bdb77a01b126752a9d002ff7ec49969440a
The newsroom.cisco.com site suffers from an iframe injection vulnerability.
7c7404d303323b25bef0361335de4f0a9addc36ab366f74f8c9064bbbeac0378
SweetRice CMS version 1.2.5 suffers from multiple cross site scripting vulnerabilities.
156065d49f5041b39e8c0bd9573b39af9555b001376a5433c9fd44f984ccde60
This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware address (e.g., using IEEE identifiers), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique-local addresses.
aea1ddd79e402a7e6cae6940341f56386d8efe61f639f9142e54a9dda4b93d71
Pixelpost version 1.7.3 suffers from a cross site scripting vulnerability.
b12ac8118bf09ea057609691a156e98a4c44163bd47842ab4492b16bad0c61bb
PEStudio version 3.69 suffers from a denial of service vulnerability.
894e7f4fc68a36429f7c80e4ae5b799448f3a8f2cf6a057e92074baaf53a4122
Telaen versions 1.3.0 and below suffer from cross site scripting, open redirection, and path disclosure vulnerabilities.
5feb4207ecee4e46ec86c9e6ba15c68352eb1601695fd3a1d1125aa7fe8cfbb5
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
3143e1c71803d7c023db29134bb1a2f142de3ebaf7c35d5109204828ddb3b075
PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.
5bd6713ae091f3a88456a992a6a2c14fd6a5cd823bb577c71eac2b768737e167
Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50-page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
3a8323727d389d763075b3fcd116e0a65ff044c84b953eb794d71d58ef587706
This exploit dumps an arbitrary file from the filesystem with root level permissions on Seowonintech routers with firmware versions less than or equal to 2.3.9.
a361e183bb4d71aeac2a13c018d683c22813b4cf4ffebf480914b8997082860a